While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution that solves for auto-email forwarding as well. While Wing’s shadow IT solution is offered as a free tool that can be onboarded and used as a self-service, users willing to upgrade will be able to enjoy the company’s new Gmail and Outlook integrations, which broaden the company’s discovery capabilities and extend their data security features.
The risks of email auto-forwarding rules
Auto-forwarding emails is a great way to save time on repetitive tasks and are therefore very popular among employees who regularly collaborate and share information with external business partners. Risk examples include:
- Automation means no one is checking for sensitive or private information. Emails with a certain word combination in the title, or a specific sender, will automatically be forwarded to an external entity without any oversight. This can lead to PII data leakage, sensitive data leakage and regulatory violations that can compromise an organization’s compliance.
- Auto-forwarding can also indicate a potential insider risk. A disgruntled employee may auto-forward certain emails to competitors. It can also be as common as an employee who plans to leave the company and wants to maintain access to their work after they leave – auto-forwarding emails to their private email account.
- Malicious actors might use this as an entry point. Bad actors can use these email forwarding rules to exfiltrate data after a successful attack, or as a means to spread phishing campaigns within organizations.
|Screenshot from Wing’s platform, auto-forwarding issues found in gmail and Outlook
What is the connection between SaaS Security and email Security?
For several reasons, it is essential for organizations to uncover SaaS Shadow IT applications. Shadow IT refers to the unauthorized use of IT systems within an organization, often for the sake of convenience or efficiency, without the explicit approval of the IT department. There are some SaaS applications that may pose significant risks to the organization’s security, compliance, and overall efficiency:
- Security Risks: SaaS applications are part of the modern supply chain, and as such they should undergo proper vendor risk assessments and user access reviews prior to connecting them to company data. With Shadow IT, breached applications, non-compliant applications or malicious applications go unnoticed.
- Compliance Concerns: Many industries have strict regulatory requirements that must be adhered to, particularly concerning data privacy and protection. Using unauthorized applications can result in non-compliance, leading to legal consequences, fines, and damage to the organization’s reputation.
- Financial Implications: Uncontrolled proliferation of Shadow IT applications can lead to unnecessary expenditure. Organizations might end up paying for redundant services or duplicate accounts, leading to negligent spending and financial waste.
|Wing’s product illustration – risky email forwarding rules
Wing’s SaaS discovery entails the systematic identification, categorization, and analysis of an organization’s SaaS usage to mitigate shadow IT risks. The company offers three distinct and non-intrusive discovery methods: Connecting to organizations’ major SaaS applications (e.g., Google Drive, Salesforce, Slack, and others) to identify connected applications, scanning endpoints for SaaS signature hits and cross-checking them with Wing’s extensive SaaS database of over 280,000 SaaS records. Their third and newly introduced capability involves connecting to business emails and conducting scans to detect clear indications of SaaS usage. Wing emphasizes that knowing is just the first step in solving and therefore offers customers the means to remediate and eliminate risky shares directly within their platform.